Exact Globe+

Installing the private certificate for the Digipoort connection

As communicated by Logius from January 1, 2021, your current public PKIoverheid services server certificate will no longer allow you to communicate with Digipoort.
The cause of this unplanned and hasty replacement is a recently discovered security issue in a number of globally issued certificates. Some of the certificates of PKIoverheid, part of Logius, have also been affected by this problem.
By order of the CA / Browser Forum, which supervises the correct use of public certificates, the affected certificates must be replaced as soon as possible. Logius has drawn up an action plan for this and put it into operation. Part of the action plan is that from now on a private certificate will be used for communication with Digipoort. Your certificate supplier (Digidentity, KPN or QuoVadis) will contact you for the replacement. They may have already done this.

When you have received the private certificate from your certificate provider you have to import it in your companies. Also the root certificate and intermediate certificates needs to be installed.

Important: You can already perform the steps below. It is also important that you update to product update 419SP15, 420SP8 or 421SP2 in January 2021. These product updates will be available at the beginning of January. Keep an eye on the customer portal for more information about the availability of this product updates.

Importing the private certificate

When you have received the private certificate from your certificate provider you have to import it in your companies. This has to be done in all companies that are used to send the declarations. 

1. Go to menu System ➔ General ➔ Settings ➔ General ledger settings.
2. Make sure the option dgp2_procesinfrastructuur_nl_2022-05-24.crt is selected at Digiport endpoint.
3. Go to menu System ➔ General ➔ Returns ➔ Send via Digipoort.
4. Open the Certificates tab.
5. At File path select the new private certificate that you have received from your certificate provider.
6. Click Save.

Installing the root certificate and intermediate certificates

Besides importing the private certificate in the companies, you also have to install the root certificate and intermediate certificates.  You have to install all certificates on all the machines that are used to send the declarations. 

1. You can download the certificates by right-clicking on the link for the certificates and selecting “Save target as” to save the file on your hard drive.
   • DomPrivateServicesCA-G1.cer
   • kpnpkioverheidprivateservicesca-g1.cer
   • PrivateRootCA-G1.cer
2. Right-click the first .cer file and select Install Certificate.
3. When a security warning is shown, click Open to proceed.
4. The Certificate Import Wizard will be displayed. Depending on your situation, select between Current user and Local machine. For this purpose, select Local machine and click Next. When there is no selection option, click Next.
5. In the next screen, select Place all certificates in the following store. Click the Browse button and select the certificate store Intermediate Certification Authorities. If you use Staat der Nederlanden Private Root CA G1 certificate, select Trusted Root Certification Authorities instead.
   
       
6. Click Next to continue.
7. In the final screen, click Finish to import the certificate.
8. When the certificate is successfully imported, the message “The import was successful” is displayed.
9. Repeat these steps for the other certificates.

More information

• https://logius.nl/actueel/blog-pkioverheid-certificaat-vervangingsplan
• https://certificaat.kpn.com/support/faq/faq-certificaat-vervanging/
• https://logius.nl/diensten/pkioverheid/pkioverheid-update/certificaat-vervangingsplan-veelgestelde-vragen
• https://sbr-nl.nl/vervanging-publieke-pkioverheid-services-server-certificaten-voor-1-januari-noodzakelijk